Innovative solution to check phishing

K. Balaraju was thinking about an innovative way of teaching dance at Saarang using coloured squares on a transparent stage when he says he came up with the idea of secure online transactions that helped him finish his masters’ thesis and file four patents.

Explaining the features of the card based on Mr. Balaraju’s idea, Polaris executives said internet banking customers would use multi-factor authentication to secure each transaction. The first level of security would be provided by the typical password-based login into the bank’s portal. The customer would be provided with a booklet of security cards – transparent sheets with grids of 10x6 squares with each square empty or shaded black or marked with a number. For each transaction, the customer would be prompted to use a particular card from the booklet and superimpose it on a grid generated by the portal on the computer monitor for that transaction. The numbers visible after such superimposition should be used as the password for that transaction.

Each card may be used for a certain number of transactions and each booklet would contain five to ten cards. Customers may submit requests for fresh booklets similar to requests for cheque books. Since each transaction generated a unique password and a physical superimposition was required to generate it, typical phishing attacks including keylogging, screenlogging or using dictionary methods to decipher passwords would not work in this case, executives said.

L.S.Ganesh, co-ordinator of the M.S.(Entrepreneurship) programme at IIT-M, said the Department of Management Studies had worked with the Department of Computer Science to come up with a user-ready product.

Ramesh Ganesan, head of transaction banking, IndusInd Bank, said the bank had said the bank was actively looking for innovations to protect internet banking customers’ data.